Add the ability to restrict access to info page (#101)

ONLYOFFICE · Nov 22, 2023 · acead28 · acead28
1 parent 7aa39a8
commit acead28
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -63,7 +63,7 @@ ENV DOCSERVICE_HOST_PORT=localhost:8000 \
     NGINX_WORKER_CONNECTIONS=4096
 EXPOSE 8888
 RUN yum -y updateinfo && \
-    yum -y install gettext nginx && \
+    yum -y install gettext nginx httpd-tools && \
     yum clean all && \
     rm -f /var/log/*log
 COPY --chown=ds:ds config/nginx/nginx.conf /etc/nginx/nginx.conf

diff --git a/Dockerfile.noplugins b/Dockerfile.noplugins
@@ -57,7 +57,7 @@ ENV DOCSERVICE_HOST_PORT=localhost:8000 \
     NGINX_WORKER_CONNECTIONS=4096
 EXPOSE 8888
 RUN yum -y updateinfo && \
-    yum -y install gettext nginx && \
+    yum -y install gettext nginx httpd-tools && \
     yum clean all && \
     rm -f /var/log/*log
 COPY --chown=ds:ds config/nginx/nginx.conf /etc/nginx/nginx.conf

diff --git a/README.md b/README.md
@@ -140,6 +140,8 @@ Below is the complete list of parameters for `onlyoffice/docs-proxy`.
 - **NGINX_WORKER_CONNECTIONS**: Defines the nginx config [worker_connections](https://nginx.org/en/docs/ngx_core_module.html#worker_connections) directive. Defaults to `4096`.
 - **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `verysecretstring`.
 - **INFO_ALLOWED_IP**: Defines ip addresses for accessing the info page. You can specify multiple values separated by a space.
+- **INFO_ALLOWED_USER**: Defines user name for accessing the info page. If not set to, [Nginx Basic Authentication](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html) will not be applied to access the info page.
+- **INFO_ALLOWED_PASSWORD**: Defines user password for accessing the info page. Used if `INFO_ALLOWED_USER` is set.
 
 Below is the complete list of parameters for `onlyoffice/docs-docservice`, `onlyoffice/docs-converter`.
 - **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`.

diff --git a/proxy-docker-entrypoint.sh b/proxy-docker-entrypoint.sh
@@ -21,4 +21,9 @@ if [[ -n "$INFO_ALLOWED_IP" ]]; then
     sed -i '/(info)/a\  allow '$ip'\;' /tmp/proxy_nginx/includes/ds-docservice.conf
   done
 fi
+if [[ -n "$INFO_ALLOWED_USER" ]]; then
+  htpasswd -c -b /tmp/auth "${INFO_ALLOWED_USER}" "${INFO_ALLOWED_PASSWORD:-password}"
+  sed -i '/(info)/a\  auth_basic \"Authentication Required\"\;' /tmp/proxy_nginx/includes/ds-docservice.conf
+  sed -i '/auth_basic/a\  auth_basic_user_file \/tmp\/auth\;' /tmp/proxy_nginx/includes/ds-docservice.conf
+fi
 exec nginx -c /tmp/proxy_nginx/nginx.conf -g 'daemon off;'